Trojan.KillProc2.28040

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%ProgramFiles%\dvd maker\shared\w6csjja14n1 tsomq34 apv53deiq9fw .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\s2fkave bd1l5ir tsomq34 7vepaqjm zmc8ujp .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\yzw1afy girls nrb42wq .zip.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\z9z7rwe 7nd83wovj beast [milf] nrb42wq .zip.exe
%ProgramFiles%\microsoft office\templates\fac71w2 h93bklf mzwpstr8n vjq39c1gwy .mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f1i7cm w6csjja14n1 tsomq34 apv53deiq9fw feet ash (karin).avi.exe
%ProgramFiles%\windows journal\templates\fac71w2 cum sperm [free] ae2sd7u4xh .rar.exe
%ProgramFiles%\windows sidebar\shared gadgets\upfgetx ddqayq mnho9y54 vjq39c1gwy young .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\upfgetx ddqayq girls latex .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mzwpstr8n nom72kl cock .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gay bq4kno .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\upfgetx bd1l5ir gay hot (!) feet .mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\gzn4ud7e horse mnho9y54 [bangbus] 6tl9zg0uqa .mpg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt bd1l5ir beast hot (!) (g6u8n4r).rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx cum mzwpstr8n vjq39c1gwy js80j73 .mpg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe wep6b08 mzwpstr8n [milf] (liz).rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\eq7k2xcxt cum yzw1afy nom72kl hole shoes (c4w8hqa).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt h93bklf horse uncut gsva2xn .mpeg.exe
%ALLUSERSPROFILE%\templates\ bq4kno cock (sonja,sarah).mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 ihthd33 nmibe2 .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt bd1l5ir mzwpstr8n uncut (y8oxsqa).rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec ddqayq lpcu5ai3 l9hwcs7vvnphd9 feet .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\ nom72kl lady .zip.exe
%ALLUSERSPROFILE%\templates\mzwpstr8n 7vepaqjm hole .zip.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\tsomq34 girls titts .mpeg.exe
C:\users\default\appdata\local\temp\s2fkave xakmpl gay l9hwcs7vvnphd9 ash (haj1oyikd,sarah).zip.exe
C:\users\default\appdata\local\<INETFILES>\beast l9hwcs7vvnphd9 titts lady (y8oxsqa).rar.exe
C:\users\default\templates\cum tsomq34 7vepaqjm .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\s2fkave 7nd83wovj mzwpstr8n 7vepaqjm cock shoes .mpeg.exe
%TEMP%\8r3baiec h93bklf mzwpstr8n l9hwcs7vvnphd9 girly .zip.exe
%LOCALAPPDATA%\<INETFILES>\tsomq34 [bangbus] 779mipj .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\tsomq34 girls (liz).avi.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\f1i7cm h93bklf mnho9y54 vjq39c1gwy sgoibhh (dehod0,2hbt8wr).mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\fac71w2 7nd83wovj xxx nom72kl (liz).avi.exe
%APPDATA%\microsoft\templates\s2fkave porn nom72kl l9hwcs7vvnphd9 hole 8pfmdyy (2hbt8wr).avi.exe
%APPDATA%\microsoft\windows\templates\black wep6b08 gay epyxwn 50+ .mpg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\tsomq34 big glans .mpg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\ big feet .rar.exe
%HOMEPATH%\templates\black bd1l5ir sperm nom72kl glans sweet .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\s2fkave 8ok6yf yzw1afy bq4kno feet latex (karin).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt w6csjja14n1 nom72kl [free] 6tl9zg0uqa .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 cum yzw1afy epyxwn sm (36mho73,c4w8hqa).rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\z9z7rwe wep6b08 tsomq34 [free] balls .avi.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\nom72kl apv53deiq9fw hole hotel (karin).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black nude sperm hot (!) (c4w8hqa).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\black w6csjja14n1 yzw1afy uncut 779mipj .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\mnho9y54 apv53deiq9fw rv0y8n .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\lpcu5ai3 vjq39c1gwy mg9fvb2xk9 (sonja,jade).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f1i7cm nude mzwpstr8n uncut hole .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\eq7k2xcxt bd1l5ir nom72kl [milf] young .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\tsomq34 girls hole .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gzn4ud7e horse nom72kl hotel (sandy,2hbt8wr).rar.exe
%WINDIR%\assembly\temp\s2fkave 8ok6yf xxx girls .mpeg.exe
%WINDIR%\assembly\tmp\fac71w2 w6csjja14n1 tsomq34 [milf] young .mpeg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information

Curing recommendations

Free trial